Thursday, 23 May 2013

Quite a few updates over the past few days. First and foremost, the bug with sURL is fixed.
Secondly, whilst the hpHosts site is still having issues, I've modified the config to try and alleviate the issue, so it should stay up longer than it was.
I've also got updates to a few programs going up over the next 72 hours or so (desperate for sleep, and my body and sleeping tablets have decided I've got to stay awake, despite both being awake since yesterday, driving for 8+ hours from the other end of the country, back home, and stressed to holy hell and back - oh the joys).
The next full hpHosts update will also be getting pushed out over the next 48 hours.
There were a few others, but my brain is fried so can't remember what else I was going to mention - it'll come back to me.

Sunday, 19 May 2013

Doing a quick search for something earlier, I stumbled upon pcguide.com, and whilst I'm now used to (but still hate) seeing security sites and support etc. forums plastering ads all over the place (some even in the first, and then every other, post), I still get irked when I see this kind of thing.

What makes this worse is that it's not being delivered via an ad network this time - the "advert", if you can call it that, is housed on pcguide.com itself.

hxxp://www.pcguide.com/uniblue.jpg

For an alleged security forum to use blatantly misleading adverts just to push their affiliate link is simply abhorrent.

Since they didn't want to, I've added a little red box around the offending advert, for those wondering which one I'm referring to.

As for Uniblue, well we already know they're no stranger to the use of misleading marketing, given they've been caught doing such countless times, and ignoring cases where their affiliates (such as this case) use them.

Needless to say, pcguide.com has been added to the hpHosts blacklist (classification: MMT); Uniblue.com was re-added back in Feb for exactly the same thing.

Wednesday, 15 May 2013

Investigating a piracy case earlier, I was absolutely disgusted to see the following, which shows Tuguu, owner of PPI programs such as Doma IQ, engaging in practices that are so misleading they make hackforums.net look legit.

Not only does this fake flash player advert lead straight to a download that is NOT (like you didn't see that coming) Flash, but is so beyond not being flash that it almost becomes Flash again. Hilariously, the installer also comes complete with a RunDLL error (obviously wasn't written to handle paths with spaces in them).

* Dear Babylon, it doesn't matter if you name it BabSolution, BabMaint or "I'm a cuddly bear, what harm could I do" - you're still filling the user's machine with crap without permission, you may as well don a strap on and tell the poor user to have their PC bend over (nice of you to drop the log_file.txt though, guessing you didn't mean to do that).

FYI folks, Babylon also adds BabMaint.exe to the scheduled tasks.

** BrowserProtect adds itself to the Scheduled Tasks, using sc.exe to auto-load it, so if you're trying to kill its task and wondering why it keeps coming back, this is one of the reasons - the other being the service it helpfully adds. This means even if you kill its tasks, the scheduled task will re-load them, and if you kill and delete both, the service it adds will re-load and re-add them. And the service can't be stopped; it decides to present an error whenever you try (sorry PerformerSoft, I'm much quicker than your processes and service seems to be, so whilst it took 3 attempts, the service was stopped and disabled without requiring a reboot).

Instead, you need to disable the service, reboot, then kill both the processes and the scheduled task (you'll have to be quick though, or the process will re-add the scheduled task).
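The removal order described above, as an added PowerShell example that is not part of the original post. The service, task and process names are placeholders (the post does not give them), and the script assumes an elevated prompt and is run once before the reboot and once after it.

```powershell
# Added example, not from the original post. Run elevated, once per phase.
# The three names below are placeholders: the post does not give them, so read
# the real ones from the Services and Task Scheduler consoles on the machine.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('BeforeReboot', 'AfterReboot')]
    [string]$Phase,
    [string]$ServiceName = '<SERVICE-NAME-PLACEHOLDER>',
    [string]$TaskName = '<TASK-NAME-PLACEHOLDER>',
    [string[]]$ProcessNames = @('<PROCESS-NAME-PLACEHOLDER>')  # no .exe suffix
)

if ($Phase -eq 'BeforeReboot') {
    # Only change the start type here; the post reports that a stop request errors out.
    Set-Service -Name $ServiceName -StartupType Disabled
    $mode = (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").StartMode
    if ($mode -ne 'Disabled') { throw "Start mode is '$mode', expected Disabled." }
    Write-Output 'Service disabled. Reboot, then run again with -Phase AfterReboot.'
    return
}

# After the reboot the disabled service must not be running, otherwise it
# re-adds whatever is removed below.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop
if ($svc.Status -ne 'Stopped') { throw "Service is still $($svc.Status); stopping here." }

foreach ($attempt in 1..3) {
    # Kill the processes and delete the task back to back: a surviving process
    # re-creates the task, and the task relaunches the processes.
    Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue | Stop-Process -Force
    schtasks.exe /Delete /TN $TaskName /F 2>$null | Out-Null

    # Give anything that survived a moment to act, then check both again.
    Start-Sleep -Seconds 2
    $procBack = @(Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue).Count -gt 0
    schtasks.exe /Query /TN $TaskName 2>$null | Out-Null
    $taskBack = ($LASTEXITCODE -eq 0)

    if (-not $procBack -and -not $taskBack) {
        Write-Output "Process and task gone after attempt $attempt."
        return
    }
}
throw 'Process or scheduled task keeps coming back; look for another persistence point.'
```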

To make matters worse, the installer adds things to load on startup, with broken paths - again due to its not being able to handle spaces in paths - who the hell tested this thing?

And again, to make matters worse, a page is loaded in the browser, on the lastplayerfree.com site, that offers yet more scareware (RegClean Pro) - this time from SysTweak.

Oh and, if you're planning on actually using your machine after it's finished crucifying your installation, forget it - it shot the IE process up to 90%, and it's remained at between 47% - 99% ever since (and it's been at least 20 minutes so far).

These kinds of tactics are getting my goat more and more, especially since the companies involved constantly complain when they're blacklisted, proclaiming their innocence, blaming everyone EXCEPT themselves, yet here we are again, with the likes of Babylon, PerformerSoft, Tuguu and their ilk, right back at it not 6 months after complaining about being blacklisted, saying they weren't doing this sort of thing. Well sorry, but you're not getting off anywhere as easy, and don't even think of being given the benefit of the doubt this time because frankly, I've had enough.

In the meantime, the URLs responsible for those that are interested, are;

Saturday, 4 May 2013

Just a note folks, the incoming mail server started having issues again yesterday (incoming server is controlled by Domain Monster). Spoke to them today and they're looking into it, but in the meantime, it means I can't receive e-mails.